Lotus Notes@8.5.1 Security Vulnerabilities and Issues — Lotus Notes@8.5.1 CVE List

Lucene search

IbmLotus Notes8.5.1

23 matches found

CVE•added 2012/06/20 10:27 a.m.•142 views

CVE-2012-2174

The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.

9.3CVSS7.2AI score0.68526EPSS

CVE•added 2013/01/11 12:55 a.m.•110 views

CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Ti...

9.3CVSS4.5AI score0.09366EPSS

CVE•added 2013/01/11 12:55 a.m.•86 views

CVE-2012-4821

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics Syst...

9.3CVSS5.5AI score0.05992EPSS

CVE•added 2013/01/11 12:55 a.m.•86 views

CVE-2012-4823

9.3CVSS5.2AI score0.13162EPSS

CVE•added 2013/01/11 12:55 a.m.•82 views

CVE-2012-4822

9.3CVSS5.3AI score0.10236EPSS

CVE•added 2011/05/31 8:55 p.m.•70 views

CVE-2011-1213

Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.

9.3CVSS7.4AI score0.80847EPSS

CVE•added 2018/07/16 2:29 p.m.•64 views

CVE-2013-0522

The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ...

7CVSS6.5AI score0.00042EPSS

CVE•added 2013/05/01 12:0 p.m.•59 views

CVE-2013-0127

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and J...

5.8CVSS7AI score0.01074EPSS

CVE•added 2014/04/23 7:55 p.m.•58 views

CVE-2014-0892

IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka ...

5CVSS7.5AI score0.01315EPSS

CVE•added 2011/05/31 8:55 p.m.•55 views

CVE-2011-1512

Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.

9.3CVSS7.9AI score0.18231EPSS

CVE•added 2011/05/31 8:55 p.m.•54 views

CVE-2011-1215

Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.

9.3CVSS7.8AI score0.18883EPSS

CVE•added 2013/05/10 11:42 a.m.•54 views

CVE-2013-2977

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.

6.8CVSS7.8AI score0.21693EPSS

CVE•added 2011/05/31 8:55 p.m.•50 views

CVE-2011-1217

Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.

9.3CVSS7.7AI score0.11061EPSS

CVE•added 2011/05/31 8:55 p.m.•50 views

CVE-2011-1218

Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.

9.3CVSS7.7AI score0.08458EPSS

CVE•added 2011/05/31 8:55 p.m.•47 views

CVE-2011-1214

Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.

9.3CVSS7.9AI score0.15959EPSS

CVE•added 2018/03/14 12:29 a.m.•46 views

CVE-2018-1437

IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Fo...

9.3CVSS7.7AI score0.00234EPSS

CVE•added 2012/12/19 11:55 a.m.•45 views

CVE-2012-4846

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.

4.3CVSS5.8AI score0.00234EPSS

CVE•added 2013/06/21 5:55 p.m.•45 views

CVE-2013-0536

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.

7.2CVSS6.7AI score0.00048EPSS

CVE•added 2011/05/31 8:55 p.m.•43 views

CVE-2011-1216

Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.

9.3CVSS8AI score0.18883EPSS

CVE•added 2013/05/01 12:0 p.m.•41 views

CVE-2013-0538

Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.

4.3CVSS5.7AI score0.0053EPSS

CVE•added 2010/04/29 5:30 p.m.•40 views

CVE-2010-1608

Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. Howeve...

10CVSS8.2AI score0.12867EPSS

CVE•added 2018/03/14 12:29 a.m.•39 views

CVE-2018-1435

IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.

7.8CVSS7.5AI score0.00991EPSS

CVE•added 2013/07/18 4:51 p.m.•34 views

CVE-2012-6349

Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.

9.3CVSS7.9AI score0.07953EPSS